Some libraries don't make it easy (or possible) to check that the algorithm used...

		mfontani on Jan 16, 2018 \| parent \| context \| favorite \| on: Ask HN: What's the recommended method of adding au... Some libraries don't make it easy (or possible) to check that the algorithm used by the JWT sent by the client is in fact the algorithm you're using and want the client to come back with, see i.e. https://auth0.com/blog/critical-vulnerabilities-in-json-web-...

I see, but sticking to HS256 should solve this without much headache.